{"title":"Towards Finding the Missing Pieces to Teach Secure Programming Skills to Students","authors":"Majed Almansoori, Jessica Lam, Elias Fang, Adalbert Gerald Soosai Raj, Rahul Chatterjee","doi":"10.1145/3545945.3569730","DOIUrl":null,"url":null,"abstract":"Research efforts tried to expose students to security topics early in the undergraduate CS curriculum. However, such efforts are rarely adopted in practice and remain less effective when it comes to writing secure code. In our prior work [18], we identified key issues with the how students code and grouped them into six themes: (a) Knowledge of C, (b) Understanding compiler and OS messages, (c) Utilization of resources, (d) Knowledge of memory, (e) Awareness of unsafe functions, and (f) Understanding of security topics. In this work, we aim to understand students' knowledge about each theme and how that knowledge affects their secure coding practices. Thus, we propose a modified SOLO taxonomy for the latter five themes. We apply the taxonomy to the coding interview data of 21 students from two US R1 universities. Our results suggest that most students have limited knowledge of each theme. We also show that scoring low in these themes correlates with why students fail to write secure code and identify possible vulnerabilities.","PeriodicalId":371326,"journal":{"name":"Proceedings of the 54th ACM Technical Symposium on Computer Science Education V. 1","volume":"2014 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-03-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 54th ACM Technical Symposium on Computer Science Education V. 
1","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3545945.3569730","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
Research efforts tried to expose students to security topics early in the undergraduate CS curriculum. However, such efforts are rarely adopted in practice and remain less effective when it comes to writing secure code. In our prior work [18], we identified key issues with how students code and grouped them into six themes: (a) Knowledge of C, (b) Understanding compiler and OS messages, (c) Utilization of resources, (d) Knowledge of memory, (e) Awareness of unsafe functions, and (f) Understanding of security topics. In this work, we aim to understand students' knowledge about each theme and how that knowledge affects their secure coding practices. Thus, we propose a modified SOLO taxonomy for the latter five themes. We apply the taxonomy to the coding interview data of 21 students from two US R1 universities. Our results suggest that most students have limited knowledge of each theme. We also show that scoring low in these themes correlates with why students fail to write secure code and identify possible vulnerabilities.